PHP – Digging Deeper Martin Kruliš by Martin Kruliš (v1.2) 28.11.2016
HTTP Wrapper - Revision
  HTTP Request Wrapper
    Data are automatically prepared in superglobal arrays
      $_GET – parameters from request URL
      $_POST – parameters posted in HTTP body (form data)
      $_FILES – records about uploaded files
      $_SERVER – server settings and request headers
      $_ENV – environment variables
  HTTP Response
    Script output is the response (echo …)
    Headers can be modified by functions – e.g., header('header-line');
HTTP Wrapper - Revision
  Example
    <form action="?op=update&amp;id=42" method="POST">
      <input name="name" type="text">
      <input name="surname" type="text">
      <input name="age" type="number">
      <input type="submit" value="Save">
    </form>

    $_GET:  'op' => 'update', 'id' => '42'
    $_POST: 'name' => 'Martin', 'surname' => 'Kruliš', 'age' => '19'

  Note the &amp; entity used in the URL, since it is being included in an HTML attribute. Furthermore, note that all values are strings (despite the fact that some of them contain numbers).
  Example 1
HTTP Wrapper
  Request Information
    Decoded to the $_SERVER array
      REQUEST_METHOD – used method (“GET” or “POST”)
      SERVER_PROTOCOL – protocol version (“HTTP/1.1”)
      REQUEST_URI – request part of URL (“/index.php”)
      REMOTE_ADDR – client's IP address
      HTTP_ACCEPT – MIME types that the client accepts
      HTTP_ACCEPT_LANGUAGE – desired translation
      HTTP_ACCEPT_ENCODING – desired encodings
      HTTP_ACCEPT_CHARSET – desired charsets
      + more info about the server and the client’s browser
    phpinfo()
HTTP Wrapper
  File Uploads
    In form as <input type="file" name=... />
      Provide safe way to browse disk files
    HTTP wrapper handles the file
      Stores it in temporary location
      Provide related info in $_FILES[name]
        'tmp_name' – path to the file in temp directory
        'error' – error code (e.g., UPLOAD_ERR_OK)
        'name', 'type', 'size', …
    File exists only as long as the script runs
      is_uploaded_file() – verification
      move_uploaded_file() – a safe way to move files
  Let us emphasize that the form must use “multipart/form-data” encoding to successfully handle file uploads.
  Example 2
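An added example (not from the original slides) of handling one $_FILES record with is_uploaded_file() and move_uploaded_file(), treating the client-supplied 'name' and 'type' as untrusted. The field name avatar, the size limit, the allowed types and the target directory are assumptions, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example: accept one file from <input type="file" name="avatar">.
// Field name, size limit, allowed types and target directory are assumptions.
const MAX_BYTES = 2 * 1024 * 1024;
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg'];
const UPLOAD_DIR = '/var/app/uploads';   // assumed to lie outside the document root

function store_upload(array $file, string $dir): string
{
    // A crafted request (name="avatar[]") turns these fields into arrays.
    if (!isset($file['error'], $file['tmp_name']) || is_array($file['error'])) {
        throw new RuntimeException('malformed upload record');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error code ' . $file['error']);
    }
    // Confirms that tmp_name really is a file PHP received in this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // 'name' and 'type' are sent by the client; derive the type from content.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('file type not allowed');
    }
    // Server-generated name: no path traversal, no client-chosen extension.
    $target = $dir . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not move the file');
    }
    return $target;
}

if (isset($_FILES['avatar'])) {
    try {
        $path = store_upload($_FILES['avatar'], UPLOAD_DIR);
        echo 'Stored as ' . htmlspecialchars(basename($path));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```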
HTTP Issues
  Problem with POST
  [Diagram: the client (browser) sends a POST request (a submitted form) to the web server; the script adds/changes something and returns a response (a HTML page); a refresh in the browser sends the POST request again.]
HTTP Issues
  Redirect Mechanism in HTTP
    3xx response code
      301 Moved Permanently
      302 Found (originally named Moved Temporarily)
      303 See Other
    Additional header 'Location' has the new URL
    Browser must try to load the new URL
    Loops in redirections are detected
  Creating Redirect in PHP
    header("Location: my-new-url");
    Automatically changes the response code (to 302)
HTTP Issues
  Redirect (303 See Other) after POST
  [Diagram: the client (browser) sends a POST request to action.php on the web server; action.php adds/changes something and answers with a redirect to index.php; the browser redirects to the new URL (without updating history) and sends GET (index.php); index.php generates the HTML page (only reads DB); a refresh reloads the HTML page.]
  Note that setting Location header in PHP always sets the 302 (Found) response code. This is no big deal; however, it is not entirely correct HTTP semantics.
  Example 3
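An added example (not from the original slides) of an action.php for the form shown on the revision slide: it validates the string values from $_GET and $_POST, applies the change, and answers with a redirect, passing the optional response-code argument of header() to send 303. The length and range limits and the file used as a stand-in for the database are assumptions.

```php
<?php
// action.php - added example for the form on the earlier slide
// (?op=update&id=42 with fields name, surname, age). Limits are assumptions.

function parse_update(array $get, array $post): ?array
{
    // All request values arrive as strings (or arrays for name[]=...),
    // so numbers are validated and converted explicitly.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $age = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    $name = $post['name'] ?? null;
    $surname = $post['surname'] ?? null;
    if ($id === false || $age === false
        || !is_string($name) || !is_string($surname)) {
        return null;
    }
    $name = trim($name);
    $surname = trim($surname);
    if ($name === '' || $surname === ''
        || strlen($name) > 100 || strlen($surname) > 100) {
        return null;
    }
    return ['id' => $id, 'name' => $name, 'surname' => $surname, 'age' => $age];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit;
}
$data = ($_GET['op'] ?? '') === 'update' ? parse_update($_GET, $_POST) : null;
if ($data === null) {
    http_response_code(400);
    exit('Invalid form data');
}

// Stand-in for the database update: append the record to a local file.
file_put_contents(sys_get_temp_dir() . '/people.jsonl',
    json_encode($data) . "\n", FILE_APPEND | LOCK_EX);

// Fixed target (never taken from the request), explicit 303, then stop.
header('Location: index.php', true, 303);
exit;
```

The exit after header() matters: without it the rest of the script keeps running even though the browser has been told to go elsewhere.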
Redirect and AJAX
  Redirecting Asynchronous HTTP Requests
    Works transparently – i.e., in the same way as all HTTP requests handled by the browser
    Typically unnecessary after POST requests
      A script should not be re-executed after reload, thus it can receive the updated HTML immediately
    Uncertain semantics
      Is the redirect meant for the AJAX result or should the whole page load a new URL?
    Efficiency
      AJAX typically optimizes network utilization – additional redirect may be suboptimal
Redirect and AJAX
  Example – Replacing Redirect with AJAX
    Let us have a data table, where each item has a delete button that triggers AJAX POST request
    Trivial solution
      After successful request, JS triggers reload of the page
      Optionally the request may send a URL (for location.href)
    Slightly more optimized solution
      After successful request, JS triggers reload of affected components (table) via separate AJAX GET request
    Optimized solution
      The POST response sends a HTML fragment or (better yet) a difference update for the data table
HTTP Issues
  Cookies
    A way to deal with stateless nature of the HTTP
    Key-value pairs (of strings) stored in the web browser
      Set by special HTTP response header
      Automatically re-sent in headers with every request
      Each page (domain) has its own set of cookies
  Cookies in PHP
    Cookies sent by browser are loaded to $_COOKIE[]
    Cookies are set/modified/removed by setcookie()
      The function modifies HTTP response headers
  Cookies are usually used along with a mechanism that allows keeping session specific data at the server side. PHP supports sessions directly (see documentation).
  Example 4
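An added example (not from the original slides): because a cookie is stored in the browser, its value is client-controlled input, so this sketch attaches an HMAC tag when calling setcookie() and verifies it when reading $_COOKIE. The cookie name lang, the environment variable APP_COOKIE_KEY and the lifetime are assumptions, and the options array of setcookie() requires PHP 7.3 or later.

```php
<?php
// Added example: a cookie is stored in the browser, so the user can edit it.
// An HMAC tag lets the server detect a modified value. Requires PHP 7.3+
// for the options array of setcookie(). APP_COOKIE_KEY is an assumed env var.

function sign_value(string $value, string $key): string
{
    return $value . '.' . hash_hmac('sha256', $value, $key);
}

function verify_value(string $signed, string $key): ?string
{
    $pos = strrpos($signed, '.');
    if ($pos === false) {
        return null;
    }
    $value = substr($signed, 0, $pos);
    $tag = substr($signed, $pos + 1);
    // hash_equals() compares in constant time.
    return hash_equals(hash_hmac('sha256', $value, $key), $tag) ? $value : null;
}

$key = getenv('APP_COOKIE_KEY');
if (!is_string($key) || strlen($key) < 32) {
    http_response_code(500);
    exit('Server misconfigured');
}

// $_COOKIE entries are strings, or arrays when the cookie is named "lang[]".
$raw = $_COOKIE['lang'] ?? null;
$lang = is_string($raw) ? verify_value($raw, $key) : null;

if ($lang === null) {
    $lang = 'en';
    // Must run before any output, because it adds a Set-Cookie header.
    setcookie('lang', sign_value($lang, $key), [
        'expires'  => time() + 30 * 24 * 3600,
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',    // not sent on cross-site POST requests
    ]);
}
echo 'Language: ' . htmlspecialchars($lang);
```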
Databases
  MySQL
    Original mysql API is deprecated (as of PHP 5.5)
    MySQL Improved (mysqli) API
      Dual object/procedural interface
        Procedural interface is similar to original (deprecated) API
      Advanced connectivity features
        Persistent connections, compression, encryption
      Directly supports transactions
    MySQL Native Driver (mysqlnd) extension
      More direct access to MySQL server
      Additional features (e.g., asynchronous queries)
Databases
  MySQLi Procedural API
    Establishing connection with MySQL server
      $mysqli = mysqli_connect("server", "login", "password", "db_name");
    Performing queries
      $res = mysqli_query($mysqli, "SQL …");
    Terminating connection
      mysqli_close($mysqli);
    Safe way to include strings in SQL query
      mysqli_real_escape_string($mysqli, $str);
Databases
  MySQL Results
    mysqli_query() result depends on the query type
      On failure always returns false
      Modification queries return true on success
      Data queries (SELECT, …) return mysqli_result obj
        mysqli_fetch_assoc($res)
        mysqli_fetch_object($res)
        mysqli_fetch_all($res, $format)
        mysqli_fetch_fields($res)
        mysqli_num_rows($res)
        mysqli_free_result($res)
Databases
  MySQLi Prepared Statements
    Prepare new MySQL statement
      $stmt = mysqli_stmt_init($mysqli);
      mysqli_stmt_prepare($stmt, "SELECT ...");
    Binding parameters (by positional placeholders)
      mysqli_stmt_bind_param($stmt, $types, $var1, …)
      Types string – one char ~ one parameter
    Execute and get result object
      mysqli_stmt_execute($stmt);
      $res = mysqli_stmt_get_result($stmt);
  Placeholders ? can be used for bound variables
  Example 5
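An added example (not from the original slides) that carries the prepare, bind, execute and get-result steps through for one query with a string and an integer placeholder. The table people(id, name, surname, age) and the request parameters surname and min_age are assumptions; the connection arguments are the placeholders from the procedural API slide, and mysqlnd is assumed to be available.

```php
<?php
// Added example. The table people(id, name, surname, age) is assumed;
// "server", "login", "password", "db_name" are the slide's placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);  // throw on failure

function find_people(mysqli $db, string $surname, int $minAge): array
{
    // Unsafe pattern this replaces:
    //   "... WHERE surname = '" . $surname . "' AND age >= " . $minAge
    $stmt = mysqli_stmt_init($db);
    mysqli_stmt_prepare(
        $stmt,
        'SELECT id, name, surname, age FROM people WHERE surname = ? AND age >= ?'
    );
    // Types string: one char per placeholder, s = string, i = integer.
    mysqli_stmt_bind_param($stmt, 'si', $surname, $minAge);
    mysqli_stmt_execute($stmt);
    $res = mysqli_stmt_get_result($stmt);          // requires mysqlnd
    $rows = mysqli_fetch_all($res, MYSQLI_ASSOC);
    mysqli_free_result($res);
    mysqli_stmt_close($stmt);
    return $rows;
}

$db = mysqli_connect('server', 'login', 'password', 'db_name');
mysqli_set_charset($db, 'utf8mb4');

// Request values are strings (or arrays); validate before use.
$surname = $_GET['surname'] ?? '';
$minAge = filter_var($_GET['min_age'] ?? '0', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 0]]);
if (!is_string($surname) || $minAge === false) {
    http_response_code(400);
    exit('Invalid parameters');
}

foreach (find_people($db, $surname, $minAge) as $row) {
    // Escape on output as well: data from the database is not HTML-safe.
    echo htmlspecialchars($row['name'] . ' ' . $row['surname']), "<br>\n";
}
mysqli_close($db);
```

Bound parameters are sent separately from the SQL text, so the value of $surname cannot change the structure of the query regardless of the quotes it contains.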
Frameworks
  PHP Frameworks
    Symfony – one of the most popular
    Laravel – one of the most popular
    Slim – microframework
    Zend – one of the oldest
    Nette – Czech developer and community
    CodeIgniter
    Yii 2
    Phalcon
    CakePHP
    …
Discussion